Be careful if you play EA games

The major video game developers now have platforms that let users browse their entire library, buy and download games, and keep in touch with friends and acquaintances. These platforms are usually secure and protect users' information with encrypted connections between the client and the server. However, sometimes a security flaw can compromise all of these users, as has happened with Origin, the EA client.

EA is the second largest developer in the United States, known especially for sports games, such as FIFA or NBA. Origin is the client that this developer offers users to access all their games, download them and play legally through the Internet.

For login, this application uses OAuth Single Sign-On with advanced authentication mechanisms. However, a flaw in this authentication system has endangered the more than 300 million accounts of users of this video game store.

A simple link can allow a hacker to take control of your EA Origin account

This security flaw is mainly due to the fact that one of EA's subdomains, specifically eaplayinvite.ea.com, was automatically redirecting to another domain, ea-invite-reg.azurewebsites.net, which no longer exists and had been abandoned by EA. This domain was probably used in the past for some promotion and, when the promotion ended, they forgot to cancel the redirection and delete it.

The security researchers at Check Point and CyberInt, who detected this security problem, managed to register that domain for free in Azure, Microsoft's cloud, and use it to set up a system that would allow the theft of accounts.
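A defender-side check for the condition described above, as an added example that is not from the original article or from EA: it walks an exported list of DNS or redirect pointers and flags every name that ends at a cloud hostname the organisation no longer holds. The record list, the owned-resource inventory, the suffix list and all function names are assumptions made for illustration.

```python
# Added example: offline audit of a zone export for dangling cloud pointers.
# Records, the owned inventory and the suffix list are constructed/assumed.
CLOUD_SUFFIXES = (".azurewebsites.net", ".cloudapp.net", ".trafficmanager.net")


def normalize(host):
    """Lower-case a hostname and drop the trailing root dot."""
    return host.strip().rstrip(".").lower()


def resolve_chain(name, pointers, max_depth=8):
    """Follow CNAME/redirect pointers inside the export; return the full chain."""
    chain = [normalize(name)]
    while chain[-1] in pointers and len(chain) <= max_depth:
        nxt = pointers[chain[-1]]
        if nxt in chain:  # loop in the zone data, stop here
            break
        chain.append(nxt)
    return chain


def find_dangling(records, owned_resources, suffixes=CLOUD_SUFFIXES):
    """Return (name, chain) for every name ending at an unowned cloud hostname."""
    pointers = {normalize(n): normalize(t) for n, t in records}
    owned = {normalize(h) for h in owned_resources}
    findings = []
    for name in sorted(pointers):
        chain = resolve_chain(name, pointers)
        final = chain[-1]
        if final.endswith(suffixes) and final not in owned:
            findings.append((name, chain))
    return findings


# Constructed zone export: (name, target it points or redirects to).
SAMPLE_RECORDS = [
    ("invite.example.com.", "Example-Invite-Reg.azurewebsites.net."),  # promo ended
    ("play.example.com", "invite.example.com"),  # reaches it indirectly
    ("shop.example.com", "example-shop.azurewebsites.net"),  # still provisioned
    ("www.example.com", "cdn.example.net"),  # not a claimable suffix
]
# Constructed inventory of cloud resources the organisation currently holds.
SAMPLE_OWNED = ["example-shop.azurewebsites.net"]

if __name__ == "__main__":
    for name, chain in find_dangling(SAMPLE_RECORDS, SAMPLE_OWNED):
        print(f"DANGLING {name}: {' -> '.join(chain)}")
```

Any name it reports should have its pointer removed, or the cloud resource re-provisioned, before someone else registers the released hostname.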

With the domain under their control, the researchers were able to analyze in more detail how EA's secure login system worked in order to try to impersonate it. Although most domains had extra security measures that did not allow redirection, one of the domains, signin.ea.com, allowed the use of the "redirectback" parameter, which allowed the players to be forwarded, with the access token for the logged-in account, to the authentication system created by the researchers.

In this way, the researchers (or a hacker who had noticed the error earlier) could have taken absolute control of any account, from stealing and changing the victim's ID to buying any game with the payment data stored on the platform.

How to protect ourselves from this security flaw and protect our EA Origin account

EA is already aware of this security breach, although for the time being it has not made statements about whether it has been solved or when it will be.

For the moment, the only ways to protect ourselves from this security flaw are to enable two-factor authentication for the login (something we should all have on the websites that allow it) and, in addition, to make sure never to follow links that we find in e-mail or on social networks; make purchases and download games only from the link of the official EA store.

I am a Security Analyst, Consultant, Information Security Professional, and Developer.
My company name is Rapidsafeguard. Rapidsafeguard is a security auditing and consulting company. Our company focuses on VAPT, NAPT and IoT security.
Easyhack's purpose is sharing research, cybersecurity awareness, the latest threats, and cyber attacks.
You can share your research at easyhack.in